Building Images on Docker behind a proxy
Daniel Nashed – 23 March 2024 10:26:09
This challenge came up at a customer when building an image in a corporate environment. It can be quite tricky and the devil is in the detail.
There are multiple layers where you need the proxy set:
1. Docker needs to be able to pull images
2. The container image build Linux needs to have access to a repository server to load new packages and update existing packages
If you have an internal repository server for Linux updates for the base image you choose, you want to point image to that repository.
In this case you might want to build your own base image containing the right repository URLs like you configure your normal Linux servers.
But sometimes your host OS and the container image might differ and you want to pull the Linux packages from a trusted external resource.
In some cases customers even restrict the target URLs on their proxy, which can be also problematic.
But in this case your Squid proxy access.log or equivalent on your proxy is your friend.
Once you figured out where and how you get your base image and Linux updates, you can start setting the configuration.
In my case I am using a Squid proxy for HTTP and HTTPS requests.
Configure proxy on Docker host
Once Docker has a proxy setting, it will pass the proxy to the container during build via environment variables.
Those settings are picked up by your build container.
For local connections I had to modify the build logic to exclude the NGINX local hosting IP, which would have gone thru the proxy too.
Curl in the currently used versions in most distributions does not yet allow to exclude IP ranges.
Therefore I am excluding the IP address of the NGINX container only.
vi /usr/lib/systemd/system/docker.service
---
Environment=https_proxy=http://192.168.96.99:3128
Environment=http_proxy=http://192.168.96.99:3128
systemctl daemon-reload
systemctl restart docker
Configure proxy on Docker client
mkdir ~/.docker
vi ~/.docker/config.json
---
{
"proxies": {
"default": {
"httpProxy": "http://192.168.96.99:3128",
"httpsProxy": "http://192.168.96.99:3128"
}
}
}
Configure proxy for your current session for curl, git and other operations
Usually the proxy should be already set on OS level.
But if it is not generally set, you can export the proxy using environment variables in your current session.
export https_proxy=http://192.168.96.99:3128
export http_proxy=http://192.168.96.99:3128
This last step might not be needed for a Docker build, but would be useful for curl and other operations.
Your admin might have already globally set the proxy in your environment.
Else also for pulling Linux updates or installing packages on your host needs the proxy (unless you configured a local repo cache)
The proxy would be also used by your Git client to pull updates from GitHub.
- Comments [0]